Eliad Peller [Mon, 20 Oct 2014 03:21:39 +0000 (23:21 -0400)]
HT: Let the driver advertise its supported SMPS modes for AP mode
Add smps_modes field, and let the driver fill it with its supported SMPS
modes (static/dynamic). This will let us start an AP with specific SMPS
mode (e.g., dynamic) that will allow it to reduce its power usage.
Jouni Malinen [Thu, 23 Oct 2014 18:52:05 +0000 (21:52 +0300)]
P2P: Stop TX wait on SD query TX status failure
The previous TX operation could be on another channel if there are
multiple peers with pending SD queries. To avoid failing to send the
following query, stop the last one to allow any Listen channel to be
used for the following query during p2p_find iteration.
Jouni Malinen [Thu, 23 Oct 2014 18:49:42 +0000 (21:49 +0300)]
P2P: Limit number of SD retries during find
Commit 7139cf4a4f1fecfd03d0daff9bb33adb80cc3530 ('P2P: Decrement
sd_pending_bcast_queries when sd returns success') added support for
retrying P2P SD queries. However, it did this without limiting how many
retries are allowed. This can result in excessive number of retries if a
peer device does not show up on its Listen channel and there is a
pending SD query to it. Limit the maximum number of SD retries to 100
per p2p_find operation for each peer to avoid unlimited retries.
Jouni Malinen [Thu, 23 Oct 2014 18:30:32 +0000 (21:30 +0300)]
P2P: Iterate through all peers in pending pre-find operation
Commit 7139cf4a4f1fecfd03d0daff9bb33adb80cc3530 ('P2P: Decrement
sd_pending_bcast_queries when sd returns success') changed P2P SD
behavior in a way that the P2P search loop ended up in continuing with
the first peer entry until it acknowledged receipt of a pending
broadcast SD request while the previous design went through all peers
once. While it is reasonable to retry SD, getting stuck with the first
peer is not really desirable. Change the p2p_continue_find() loop to
continue from the next peer in each iteration to allow progress through
all peers that have pending operations if any other peer is not
acknowledging frames (e.g., due to not being on Listen channel).
Chet Lanctot [Thu, 23 Oct 2014 15:21:49 +0000 (18:21 +0300)]
Add support for offloading key management operations to the driver
This commit introduces a QCA vendor command and event to provide an
option to use extended versions of the nl80211 connect/roam operations
in a way that allows drivers to offload key management operations to the
driver/firmware.
Jouni Malinen [Thu, 23 Oct 2014 13:33:25 +0000 (16:33 +0300)]
tests: Allow time for go_neg_pbc() GO Neg Resp to go out
It was possible for the not-pre-authorized GO Negotiation case to end up
starting new GO Negotiation before the GO Negotiation Response frame
with status=1 was transmitted. While this works for group formation, it
could reduce test coverage for the common case where that response is
received. At a small sleep to make it less likely for this unexpected
sequence to happen during testing.
Jouni Malinen [Wed, 22 Oct 2014 17:02:48 +0000 (20:02 +0300)]
P2P: Search all 2.4 GHz social channels regardless of disallow_freq
Commit 1595eb93aee0239de51f1090d4528e4b2cfe3add ('P2P: Add support for
60 GHz social channel') had an unintended change to how P2P search scans
2.4 GHz social channels. Use of p2p_supported_freq() to filter the list
of social channels ended up using the disallow_freq setting to remove
social channels from the P2P search scans. This is not desired since
peers need to be found on any of the social channels even if those
channels have been disabled from P2P operating channel use. Restore the
previous behavior by included all the 2.4 GHz social channels in P2P
search scans if the driver indicated support for the 2.4 GHz band.
Jouni Malinen [Tue, 21 Oct 2014 09:16:47 +0000 (12:16 +0300)]
GAS: Do not reply to P2P SD query from generic GAS/ANQP server
This avoids an issue where a wpa_supplicant build with CONFIG_P2P=y and
CONFIG_HS20=y ended up processing a P2P SD query twice when operating as
a GO and sending out two replies. Only the P2P SD implementation should
reply to P2P SD query in such a case.
The kernel now has full support for this (and it is turned off
by default for hwsim) so wpa_supplicant should really go back
to autodetecting this so clients don't have to figure out what
to do.
Also add a debug message stating that P2P_DEVICE support is used.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Mon, 20 Oct 2014 10:00:07 +0000 (12:00 +0200)]
tests: Disable support_p2p_device by default
When loading the hwsim module, disable support_p2p_device by default.
This will also become the default in the kernel, but until then it
makes sure it's not turned on by default.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Jouni Malinen [Wed, 22 Oct 2014 07:50:57 +0000 (10:50 +0300)]
tests: Run run-tests.py as root from run-all.sh
This will be needed to be able to control dynamic mac80211_hwsim
operations like adding and removing a phy. In the past, it has been
possible to start the main programs as root and then use non-root
account for run-tests.py. However, there is already a large number of
cases within the test scripts where sudo is needed. Moving that
requirement to execution of run-tests.py allows those to be simplified
as well.
Jouni Malinen [Tue, 21 Oct 2014 11:16:06 +0000 (14:16 +0300)]
browser-android: Use execv() directly instead of os_exec()
This allows the URL to be passed as a single argument to the program
instead of getting split into multiple by os_exec(). This makes the
operation more robust for cases where the URL could have been received
from an external source and could potentially add extra arguments to the
command line.
In addition, fix the /system/bin/input execution by using system() for
it instead of execv() through os_exec(). /system/bin/input is a script
that execv() won't be able to run. Since the full command line is
specified, system() can be used for this. The keycode is also changed
from 3 to KEYCODE_HOME to make this work with current Android version.
Jouni Malinen [Tue, 21 Oct 2014 11:04:25 +0000 (14:04 +0300)]
browser-wpadebug: Use execv() directly instead of os_exec()
This allows the URL to be passed as a single argument to the program
instead of getting split into multiple by os_exec(). This makes the
operation more robust for cases where the URL could have been received
from an external source and could potentially add extra arguments to the
command line.
Jouni Malinen [Tue, 21 Oct 2014 09:59:47 +0000 (12:59 +0300)]
browser-system: Use execv() directly instead of os_exec()
This allows the URL to be passed as a single argument to the program
instead of getting split into multiple by os_exec(). This makes the
operation more robust for cases where the URL could have been received
from an external source and could potentially add extra arguments to the
command line.
Kyeyoon Park [Wed, 15 Oct 2014 23:36:04 +0000 (16:36 -0700)]
AP: Add support for BSS load element (STA Count, Channel Utilization)
The new "bss_load_update_period" parameter can be used to configure
hostapd to advertise its BSS Load element in Beacon and Probe Response
frames. This parameter is in the units of BUs (Beacon Units).
When enabled, the STA Count and the Channel Utilization value will be
updated periodically in the BSS Load element. The AAC is set to 0 sinze
explicit admission control is not supported. Channel Utilization is
calculated based on the channel survey information from the driver and
as such, requires a driver that supports providing that information for
the current operating channel.
Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
Jouni Malinen [Mon, 20 Oct 2014 09:42:27 +0000 (12:42 +0300)]
P2P: Support dynamic addition of P2P Device triggering interface
This moves the addition of P2P Device interface into
wpa_supplicant_add_iface() so that this operation can be done
dynamically when adding an interface to an already running
wpa_supplicant process.
Jouni Malinen [Mon, 20 Oct 2014 09:40:29 +0000 (12:40 +0300)]
P2P: Remove all child interfaces when removing the parent
This is needed to allow dynamic removal of an interface that adds the
P2P Device interface without leaving behind the management interface
with invalid wpa_s->parent pointer.
Jouni Malinen [Mon, 20 Oct 2014 09:38:43 +0000 (12:38 +0300)]
tests: Remove wlan5-related interfaces based on list
Instead of hardcoding reset_devs() to remove wlan5, remove all wlan*
interfaces renaming in the wpa_supplicant process to support the case of
dynamically added hwsim phy.
Jouni Malinen [Sun, 19 Oct 2014 17:57:08 +0000 (20:57 +0300)]
tests: Use internal DATA_TEST_* functionality instead of hwsim_test
This replaces use of the external hwsim_test tool for most data
connectivity test cases. Only the cases where a special interface
(bridge/VLAN) is used are still executed through hwsim_test.
The internal DATA_TEST_* functionality makes it easier to extend the
connectivity test cases through an external device with real WLAN
hardware instead of the hwsim test setup. In addition, the error reports
from this code can be made more informative.
Jouni Malinen [Sun, 19 Oct 2014 17:55:02 +0000 (20:55 +0300)]
tests: Add own_addr() for both Hostapd and WpaSupplicant classes
This makes it easier to use instances of control interfaces in common
code without having to separately address hostapd and wpa_supplicant
behavior differences.
Jouni Malinen [Sun, 19 Oct 2014 17:51:45 +0000 (20:51 +0300)]
Add data test functionality
It is now possible to run hwsim_test like data connectivity test through
wpa_supplicant/hostapd control interface if CONFIG_TESTING_OPTIONS=y is
used for the build. Test functionality is enabled/disabled at runtime
with "DATA_TEST_CONFIG <1/0>". The "DATA_TEST_TX <dst> <src> <tos>"
command can be used to request a test frame to be transmitted.
"DATA-TEST-RX <dst> <src>" event is generated when the test frame is
received.
Bob Copeland [Mon, 1 Sep 2014 04:23:23 +0000 (00:23 -0400)]
nl80211: Add new peer candidate event for mesh
Signed-off-by: Javier Lopez <jlopex@gmail.com> Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: Jason Mobarak <x@jason.mobarak.name> Signed-off-by: Bob Copeland <me@bobcopeland.com>
Bob Copeland [Mon, 1 Sep 2014 04:23:23 +0000 (00:23 -0400)]
nl80211: Add support for sta_add flags_mask
Signed-off-by: Javier Lopez <jlopex@gmail.com> Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: Jason Mobarak <x@jason.mobarak.name> Signed-off-by: Bob Copeland <me@bobcopeland.com>
Bob Copeland [Mon, 1 Sep 2014 04:23:23 +0000 (00:23 -0400)]
nl80211: Add new commands to support mesh interfaces
Create init_mesh, mesh_join, and mesh_leave actions to kernel.
Signed-off-by: Javier Lopez <jlopex@gmail.com> Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: Jason Mobarak <x@jason.mobarak.name> Signed-off-by: Bob Copeland <me@bobcopeland.com>
Bob Copeland [Mon, 1 Sep 2014 04:23:23 +0000 (00:23 -0400)]
nl80211: Add driver flag to indicate mesh support
Convert the driver flags variable to u64 since there was no room for
more flags.
Signed-off-by: Javier Lopez <jlopex@gmail.com> Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: Jason Mobarak <x@jason.mobarak.name> Signed-off-by: Bob Copeland <me@bobcopeland.com>
Mikael Kanstrup [Fri, 17 Oct 2014 11:16:35 +0000 (13:16 +0200)]
P2P: Include passive channels in invitation response
Patch 51e9f22809b0f412c9c10baa34ddc46cf5df4f33 added the option
p2p_add_cli_chan to allow P2P GC to connect on passive channels
assuming the GO should know whether allowed to send on these channels.
This patch adds missing cli_channels to invitation response messages
to allow re-connecting to a persistent group as GC on passive
channels.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Jouni Malinen [Sat, 18 Oct 2014 13:20:51 +0000 (16:20 +0300)]
P2P: Fix group interface removal through interface ctrl_iface
It was possible to issue the P2P_GROUP_REMOVE command through the
per-interface control interface. This resulted in freed memory getting
accessed when trying to send the control interface response to the
operation that ended up deleting the group interface. Fix this by
postponing the removal operation until the caller has returned.
Jouni Malinen [Sat, 18 Oct 2014 10:02:02 +0000 (13:02 +0300)]
SAE: Add support for PMKSA caching on the station side
This makes wpa_supplicant SME create PMKSA cache entries from SAE
authentication and try to use PMKSA caching if an entry is found for the
AP. If the AP rejects the attempt, fall back to SAE authentication is
used.
Jouni Malinen [Sat, 18 Oct 2014 07:20:24 +0000 (10:20 +0300)]
Add Acct-Multi-Session-Id into RADIUS Accounting messages
This allows multiple sessions using the same PMKSA cache entry to be
combined more easily at the server side. Acct-Session-Id is still a
unique identifier for each association, while Acct-Multi-Session-Id will
maintain its value for all associations that use the same PMKSA.
Jouni Malinen [Sat, 18 Oct 2014 07:35:33 +0000 (10:35 +0300)]
Remove duplicated Acct-Session-Id from Accounting-Request
Commit 8b2486115479582b2ab164a4508f22ed23a9a4cb ('Add Acct-Session-Id
into Access-Request messages') added Acct-Session-Id building into the
helper function shared between authentication and accounting messages.
However, it forgot to remove the same code from the generation of
accounting messages and as such, ended up with Accounting-Request
messages containing two copies of this attribute. Fix this by removing
the addition of this attribute from the accounting specific function.
Justin Shen [Mon, 13 Oct 2014 07:40:08 +0000 (15:40 +0800)]
WPS: Extend startWhen to 2 if peer AP supports WPS 2.0
Increase EAPOL startWhen to 2 for the case where the AP/GO has
advertised it supports WPS 2.0. This is done to make it less likely for
the EAPOL-Start frame to be sent out since that is only required for WPS
1.0. Not sending it can remove one unnecessary round trip from the EAP
exchange when the AP is going to start with EAP-Request/Identity
immediately based on the Association Request frame.
Jouni Malinen [Sun, 12 Oct 2014 18:49:36 +0000 (21:49 +0300)]
tests: Add Python-version of parallel-vm.sh
This is a more advanced version of the simple parallel-vm.sh script.
Status of each VM is printed out during the test and results are
provided in more convenient format in the end.
Jouni Malinen [Sun, 12 Oct 2014 16:07:17 +0000 (19:07 +0300)]
netlink: Fix RTM_SETLINK padding at the end of the message
While the kernel seems to have accepted the message to set linkmode and
operstate without the final attribute getting padded to 32-bit length,
it is better to get this cleaned up to match expected format. The double
NLMSG_ALIGN() followed by RTA_LENGTH() did not make much sense here.
hostapd_cli: Add CLI commands enable, reload, and disable
Commands are already present in ctrl_iface.c (and parsed in
hostapd_ctrl_iface_receive() function) but not in hostapd_cli.c. This
patch updates hostapd_cli.c with matching functions.
P2P: Remove unreachable code in wpas_p2p_stop_find()
Commit 152cff6ba6d6ac206b93a2202eab57f0a36c26cb ('P2P: Remove
WPA_DRIVER_FLAGS_P2P_MGMT option') removed the only non-zero return from
wpas_p2p_stop_find_oper(), but did not remove the useless return value
or the return check in wpas_p2p_stop_find(). Clean these up by removing
unreachable code and useless return value.
Jouni Malinen [Sun, 12 Oct 2014 14:03:25 +0000 (17:03 +0300)]
Include ieee802_11_common.c in wpa_supplicant build unconditionally
This is needed for number of items and it was possible to make a build
configuration that did not include ieee802_11_common.c while still
trying to use functions from there. While it would be possible to add
NEED_80211_COMMON=y to all the cases where this file is needed, the
extra complexity from this is not really justifiable anymore, so include
the file unconditionally.
Jouni Malinen [Sun, 12 Oct 2014 13:56:23 +0000 (16:56 +0300)]
Fix build without IEEE8021X_EAPOL
The MACsec addition placed one of the calls outside the #ifdef
IEEE802X_EAPOL block while the variable needed for this was defined only
within the block.
Toby Gray [Fri, 10 Oct 2014 16:35:27 +0000 (17:35 +0100)]
Make wpa_ctrl_get_remote_ifname declaration conditional.
The definition of wpa_ctrl_get_remote_ifname is conditional on
CONFIG_CTRL_IFACE_UDP. This change makes the header declaration of
this function also conditional on the same define.
Toby Gray [Fri, 10 Oct 2014 16:34:18 +0000 (17:34 +0100)]
Fix warning about unused parameter if CONFIG_DEBUG_FILE is not defined.
This change adds a cast to void to indicate that the path parameter is
unused when CONFIG_DEBUG_FILE is not defined. This fixes a compiler
warning about unused parameters.
Jouni Malinen [Sun, 12 Oct 2014 13:45:33 +0000 (16:45 +0300)]
P2P: Add new=0/1 flag to P2P-DEVICE-FOUND events
This information can be used to determine whether the event is generated
for a new peer that was added or due to an update in the information for
an existing peer.
Jouni Malinen [Sun, 12 Oct 2014 08:53:51 +0000 (11:53 +0300)]
wpa_supplicant: Allow OpenSSL cipherlist string to be configured
The new openssl_cipher configuration parameter can be used to select
which TLS cipher suites are enabled for TLS-based EAP methods when
OpenSSL is used as the TLS library. This parameter can be used both as a
global parameter to set the default for all network blocks and as a
network block parameter to override the default for each network
profile.
Jouni Malinen [Sun, 12 Oct 2014 08:52:05 +0000 (11:52 +0300)]
hostapd: Allow OpenSSL cipherlist string to be configured
The new openssl_cipher configuration parameter can be used to select
which TLS cipher suites are enabled when hostapd is used as an EAP
server with OpenSSL as the TLS library.
Jouni Malinen [Sun, 12 Oct 2014 08:45:21 +0000 (11:45 +0300)]
OpenSSL: Add a mechanism to configure cipher suites
This extends the TLS wrapper code to allow OpenSSL cipherlist string to
be configured. In addition, the default value is now set to
DEFAULT:!EXP:!LOW to ensure cipher suites with low and export encryption
algoriths (40-64 bit keys) do not get enabled in default configuration
regardless of how OpenSSL build was configured.
Jouni Malinen [Sat, 11 Oct 2014 16:22:30 +0000 (19:22 +0300)]
EAP-IKEv2: Fix the payload parser
The payload lengths were not properly verified and the first check on
there being enough buffer for the header was practically ignored. The
second check for the full payload would catch length issues, but this is
only after the potential read beyond the buffer. (CID 72687)
Jouni Malinen [Sat, 11 Oct 2014 16:04:00 +0000 (19:04 +0300)]
TLS client: Make DH parameter parsing easier for static analyzers
The dh_p_len, dh_g_len, and dh_ys_len parameters were validated against
the received message structure, but that did not seem to be done in a
way that some static analyzers would understand this (CID 72699).
Jouni Malinen [Sat, 11 Oct 2014 15:40:32 +0000 (18:40 +0300)]
WFD: Use cleaner bounds checking for sub-element length field
Mark the variable as unsigned and make the length check use "len > end -
pos" version to makes this easier to understand for static analyzers
(CID 74155).
Jouni Malinen [Sat, 11 Oct 2014 15:34:25 +0000 (18:34 +0300)]
P2P NFC: Make code easier for static analyzers
len + pos > end comparison here did verify that the length field had a
valid value, but that did not seem to enough to avoid TAINTED_SCALAR
warning. Re-order that validation step to be equivalent "len > end -
pos" to remove these false positives (CID 68116).
Jouni Malinen [Sat, 11 Oct 2014 15:11:14 +0000 (18:11 +0300)]
EAP-FAST server: Remove unused assignment
Commit e8c08c9a363340c45baf8e13c758c99078bc0d8b ('EAP-FAST server: Fix
potential read-after-buffer (by one byte)') changed the while loop
design in a way that does not require the pos variable to be updated
anymore. Remove that unneeded code to clean up static analyzer warnings
about unused assignments.
Jouni Malinen [Sat, 11 Oct 2014 15:03:38 +0000 (18:03 +0300)]
IAPP: Avoid warnings on unused write
The hlen and len variables are identical here, but only the hlen was
used in the end. Change this to use the len variable to avoid
unnecessary static analyzer warnings about unused writes.
Jouni Malinen [Sat, 11 Oct 2014 14:46:04 +0000 (17:46 +0300)]
test: Remove driver_test.c
The driver_test.c driver wrapper (-Dtest in wpa_supplicant and
driver=test in hostapd) was previously used for testing without real
Wi-Fi hardware. mac80211_hwsim-based tests have practically replaced all
these needs and there has been no improvements or use for driver_test.c
in a long while. Because of this, there has not really been any effort
to maintain this older test tool and no justification to change this
either. Remove the obsoleted test mechanism to clean up the repository.
Jouni Malinen [Sat, 11 Oct 2014 14:29:50 +0000 (17:29 +0300)]
Simplify memory allocation/freeing for static analyzers
It looks like the use of sm->wpa == WPA_VERSION_WPA2 in two locations
within the function was a bit too much for clang static analyzer to
understand. Use a separate variable for storing the allocated memory so
that it can be freed unconditionally. The kde variable can point to
either stack memory or temporary allocation, but that is now const
pointer to make the design clearer.
Jouni Malinen [Sat, 11 Oct 2014 14:18:02 +0000 (17:18 +0300)]
Add a workaround to clanc static analyzer warning
dl_list_del() followed by dl_list_add() seemed to confuse clang static
analyzer somehow, so explicitly check for the prev pointer to be
non-NULL to avoid an incorrect warning.
Jouni Malinen [Sat, 11 Oct 2014 10:43:27 +0000 (13:43 +0300)]
WPS UPnP: Make dl_list_first() use easier for static analyzer
The preceding dl_list_len() check guarantees that dl_list_first()
returns an entry and not NULL. However, that seems to be a bit too
difficult path to follow for static analyzers, so add an explicit check
for the dl_list_first() return value to be non-NULL to avoid warnings.
Jouni Malinen [Sat, 11 Oct 2014 09:38:35 +0000 (12:38 +0300)]
Set WoWLAN triggers only if driver capabilities are known
Previously, wpas_set_wowlan_triggers() could have been called in
uninitialized wpa_driver_capa data if the driver interface did not
support reporting of capabilities. While this would not really happen
with a driver wrapper that implements set_wowlan() and as such, would
not cause any difference in practice, it is better to clean this up to
make the code path easier to understand for static analyzers.
Jouni Malinen [Thu, 9 Oct 2014 13:52:38 +0000 (16:52 +0300)]
nl80211: Provide subtype and reason code for AP SME drivers
This allows drivers that implement AP SME internally to generate a
Deauthentication or Disassociation frame with the specified reason code.
This was already done with drivers that use hostapd/wpa_supplicant for
AP SME.
Jouni Malinen [Fri, 10 Oct 2014 15:03:38 +0000 (18:03 +0300)]
tests: P2P group formation with WSC_Done missing
This verifies that GO is able to complete group formation even if the
P2P Client does not send WSC_Done message (or that message is dropped
for any reason) in case the P2P Client completes 4-way handshake
successfully.
projects / thirdparty / hostap.git / log
